70 matches found
CVE-2024-8999 Improper Access Control in lunary-ai/lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-8999
Lunary (lunary-ai/lunary) v1.4.25 contains an improper access control vulnerability in POST /api/v1/data-warehouse/bigquery, allowing unauthenticated export of the entire database to Google BigQuery. Root cause: insufficient access checks on the data-warehouse/bigquery endpoint. Impact is high (c...
CVE-2024-0551
Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
CVE-2024-12269
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the...
CVE-2024-12269 Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the...
CVE-2024-12269
CVE-2024-12269 affects the Safe Ai Malware Protection for WP WordPress plugin. A missing capability check in export_db() in all versions up to and including 1.0.17 allows unauthenticated attackers to retrieve a complete dump of the site’s database. Connected sources confirm the vulnerability and ...
CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
SOPlanning Security Vulnerability
SOPlanning is a suite of online project management software from SOPlanning. A security vulnerability exists in SOPlanning. An attacker exploiting the vulnerability could access the underlying database by exporting it as a CSV file...
Design/Logic Flaw
Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
CVE-2024-0551
CVE-2024-0551 describes an access-control error that allows exporting the database and related data via the default user role for users with prior system access. The export mechanism uses a deterministic name, and the download is initiated by the UI before the export is deleted from the system, i...
AnythingLLM Access Control Error Vulnerability
AnythingLLM is a document chatbot that meets business requirements. An access control error vulnerability exists in AnythingLLM. An attacker could use this vulnerability to gain access to the system and export database information...
PT-2024-15651 · Git +2 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: The issue allows exports of the database and associated exported information of the system via the default user role. An attacker would need to have been granted access to the system prior...
CVE-2022-24798 Insufficient password hash filtering in some IRRd queries and exports
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...
CVE-2021-43701
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/articledb, via the fieldS and orderby parameters...
Design/Logic Flaw
An issue was discovered in Mutare Voice EVM 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database...
CVE-2021-27235
An issue was discovered in Mutare Voice EVM 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database...
Mutare Voice Security Vulnerability
A security vulnerability exists in Mutare Voice EVM 3.x before 3.3.8 that allows anyone to export database tables...
CVE-2020-11692
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators...